Age | Commit message (Collapse) | Author | Files | Lines |
|
This milter implemets SRS (Sender Rewriting Scheme) that can be used to
fix envelope MAIL FROM for forwarded mails protected by SPF. It can be
configured in two modes for:
* Incoming mail -- rewrite RCPT TO addresses in SRS format back
* Outgoing mail -- rewrite MAIL FROM address to SRS format
|
|
|
|
- Set STRSEP_MISSING on Irix.
- Remove patch-ab, which #if'd out a fallback definition for
_PATH_SENDMAIL; that's completely pointless.
|
|
|
|
3.1.2 (2021-09-01)
* Fix for PHP 8.1
3.1.3 (Fix for PHP 8.1)
* Fix #73110: Mails with unknown MIME version are treated as
plain/text. (cmb)
* Fix #74233: Parsing multi Content-Disposition causes memory leak. (cmb)
* Fix #75825: mailparse_uudecode_all doesn't parse multiple files. (cmb)
* Fix #81422: Potential double-free in mailparse_uudecode_all(). (cmb)
* Fix gh#19 Segmentation fault with PHP 8.1 in extract_body using
MAILPARSE_EXTRACT_RETURN. (Remi)
|
|
This is a bug-fix release, fixing two authentication problems when Mutt is
configured with libgsasl (a new configuration option in 2.2.x).
|
|
|
|
|
|
|
|
|
|
pkgsrc changes:
* Use PKG_SYSCONFSUBDIR, there are a number of extra files supported in
the configuration file so everything should live in a sub-directory.
HEADS-UP! Users will need to migrate over to new config file location.
* Create opendmarc user/group, not currently used in rc.d script.
* Fix build on SunOS and add SMF support.
* Split multi-file patch correctly into separate files.
* Add TEST_TARGET.
* Various pkglint and cleanup.
opendmarc changes:
1.4.2 2021/12/19
Fix issue #175: Don't reject a multi-valued From when all of the
domains match.
Fix issue #179: Don't crash when a value in a multi-valued From field
is missing a domain name. Resolves CVE-2021-34555.
|
|
|
|
This release is done to maintain parity with dovecot 2.3.19 release, so it does not contain any news-worthy changes.
|
|
v2.3.19
+ Added mail_user_session_finished event, which is emitted when the mail
user session is finished (e.g. imap, pop3, lmtp). It also includes
fields with some process statistics information.
See https://doc.dovecot.org/admin_manual/list_of_events/ for more
information.
+ Added process_shutdown_filter setting. When an event matches the filter,
the process will be shutdown after the current connection(s) have
finished. This is intended to reduce memory usage of long-running imap
processes that keep a lot of memory allocated instead of freeing it to
the OS.
+ auth: Add cache hit indicator to auth passdb/userdb finished events.
See https://doc.dovecot.org/admin_manual/list_of_events/ for more
information.
+ doveadm deduplicate: Performance is improved significantly.
+ imapc: COPY commands were sent one mail at a time to the remote IMAP
server. Now the copying is buffered, so multiple mails can be copied
with a single COPY command.
+ lib-lua: Add a Lua interface to Dovecot's HTTP client library. See
https://doc.dovecot.org/admin_manual/lua/ for more information.
- auth: Cache lookup would use incorrect cache key after username change.
- auth: Improve handling unexpected LDAP connection errors/hangs.
Try to fix up these cases by reconnecting to the LDAP server and
aborting LDAP requests earlier.
- auth: Process crashed if userdb iteration was attempted while auth-workers
were already full handling auth requests.
- auth: db-oauth2: Using %{oauth2:name} variables caused unnecessary
introspection requests.
- dict: Timeouts may have been leaked at deinit.
- director: Ring may have become unstable if a backend's tag was changed.
It could also have caused director process to crash.
- doveadm kick: Numeric parameter was treated as IP address.
- doveadm: Proxying can panic when flushing print output. Fixes
Panic: file ioloop.c: line 865 (io_loop_destroy): assertion failed:
(ioloop == current_ioloop).
- doveadm sync: BROKENCHAR was wrongly changed to '_' character when
migrating mailboxes. This was set by default to %, so any mailbox
names containing % characters were modified to "_25".
- imapc: Copying or moving mails with doveadm to an imapc mailbox could
have produced "Error: Syncing mailbox '[...]' failed" Errors. The
operation itself succeeded but attempting to sync the destination
mailbox failed.
- imapc: Prevent index log synchronization errors when two or more imapc
sessions are adding messages to the same mailbox index files, i.e.
INDEX=MEMORY is not used.
- indexer: Process was slowly leaking memory for each indexing request.
- lib-fts: fts header filters caused binary content to be sent to the
indexer with non-default configuration.
- doveadm-server: Process could hang in some situations when printing
output to TCP client, e.g. when printing doveadm sync state.
- lib-index: dovecot.index.log files were often read and parsed entirely,
rather than only the parts that were actually necessary. This mainly
increased CPU usage.
- lmtp-proxy: Session ID forwarding would cause same session IDs being
used when delivering same mail to multiple backends.
- log: Log prefix update may have been lost if log process was busy.
This could have caused log prefixes to be empty or in some cases
reused between sessions, i.e. log lines could have been logged for the
wrong user/session.
- mail_crypt: Plugin crashes if it's loaded only for some users. Fixes
Panic: Module context mail_crypt_user_module missing.
- mail_crypt: When LMTP was delivering mails to both recipients with mail
encryption enabled and not enabled, the non-encrypted recipients may
have gotten mails encrypted anyway. This happened when the first
recipient was encrypted (mail_crypt_save_version=2) and the 2nd
recipient was not encrypted (mail_crypt_save_version=0).
- pop3: Session would crash if empty line was sent.
- stats: HTTP server leaked memory.
- submission-login: Long credentials, such as OAUTH2 tokens, were refused
during SASL interactive due to submission server applying line length
limits.
- submission-login: When proxying to remote host, authentication was not
using interactive SASL when logging in using long credentials such as
OAUTH2 tokens. This caused authentication to fail due to line length
constraints in SMTP protocol.
- submission: Terminating the client connection with QUIT command after
mail transaction is started with MAIL command and before it is
finished with DATA/BDAT can cause a segfault crash.
- virtual: doveadm search queries with mailbox-guid as the only parameter
crashes: Panic: file virtual-search.c: line 77 (virtual_search_get_records):
assertion failed: (result != 0)
|
|
Pull in SMTP AUTH fix from 8.17.1.9.
Bump PKGREVISION
|
|
|
|
No change except version.
|
|
No change except version.
|
|
## Rails 6.1.5.1 (April 26, 2022) ##
* No changes.
## Rails 6.1.5 (March 09, 2022) ##
* Add `attachments` to the list of permitted parameters for inbound emails conductor.
When using the conductor to test inbound emails with attachments, this prevents an
unpermitted parameter warning in default configurations, and prevents errors for
applications that set:
```ruby
config.action_controller.action_on_unpermitted_parameters = :raise
```
*David Jones*, *Dana Henke*
|
|
No change except version.
|
|
No change except version.
|
|
Notmuch 0.36 (2022-04-25)
=========================
Library
-------
Add the `sexp` prefix to the infix (traditional) query parser. This
allows specific subqueries to be parsed by the sexp parser (with
appropropriate quoting). See `notmuch-search-terms(7)` for details.
Add another heuristic to regexp fields to prevent phrase parsing of
bracketed sub-expressions.
Command Line Interface
----------------------
Envelope from ("From ") headers are now escaped as X-Envelope-From: in
input to `notmuch-insert`. This prevents creating mbox files when
calling `notmuch-insert` from e.g. `postfix`.
Python (CFFI) Bindings
----------------------
Use the `config_pairs` API in ConfigIterator. This returns all
matching key-value pairs, not just those that happen to be stored in
the database.
Documentation
-------------
Reorganize documention for `notmuch-config`. Add a few links from
other man pages.
Emacs
-----
Bind the usual undo key sequences to new command
"notmuch-tag-undo". This allows transparent undo of tagging
operations.
Tests
-----
Fix smime.4 with newer gmime. Unset `XDG_DATA_HOME` and `MAILDIR` for tests.
New add-on tool: notmuch-web
-----------------------------
The new devel/ tool `notmuch-web` is a very thin web client. It
supports a full search interface for one user: there is no facility
for multiple users provided today. See the notmuch-web README file
for more information.
Be careful about running it on a network-connected system: it will
expose a web interface that requires no authentication but exposes
your mail store.
|
|
This is a bug-fix release, fixing some regressions with Maildir/mh mailbox
path normalization that were added in 2.2.0.
|
|
Addresses PR pkg/56809 from Geoff Adams.
|
|
2022-04-29 Richard Russon <rich@flatcap.org>
* Bug Fixes
- Do not crash on an invalid use_threads/sort combination
- Fix: stuck browser cursor
- Resolve (move) the cursor after <edit-label>
- Index: fix menu size on new mail
- Don't overlimit LMDB mmap size
- OpenBSD y/n translation fix
- Generic: split out OP_EXIT binding
- Fix parsing of sendmail cmd
- Fix: crash with menu_move_off=no
- Newsrc: bugfix; nntp_user and nntp_pass ignored
- Menu: ensure config changes cause a repaint
- Mbox: fix sync duplicates
- Make sure the index redraws all that's needed
* Translations
- 100% Chinese (Simplified)
- 100% Czech
- 100% German
- 100% Hungarian
- 100% Lithuanian
- 100% Serbian
- 100% Turkish
* Docs
- add missing pattern modifier ~I for external_search_command
* Code
- menu: eliminate custom_redraw()
- modernise mixmaster
- Kill global and Propagate display attach status through State
|
|
|
|
|
|
|
|
|
|
|
|
Upstream changes:
1.15 28 February 2022
Fix RT#141577: Add missing test file to package so that tests don't fail.
1.14 27 February 2022
Fix `make test` so it actually fails if there's a test failure.
Fix RT#20388: Support whitespace after :include: in Sendmail format.
Fix Sendmail format so it no longer ignores the last alias in the file if it
ends with a continuation line and there aren't any blank lines or comments
after it.
Fix RT#19419: Don't mask INC in _include_file.
1.13 26 February 2022
New maintainer: Jonathan Kamens <jik@kamens.us>
Fix syntax error under recent versions of Perl, i.e., make the module work
again.
|
|
Upstream changes:
1.952 2021-12-14 09:57:27-05:00 America/New_York
- exactly 1.951, except will install on 5.8.8
- **ACHTUNG!** Do not expect any future release to work on Perl v5.8
1.951 2021-12-14 09:41:01-05:00 America/New_York
- non-trial release of 1.950 changes
1.950 2020-11-02 19:21:52-05:00 America/New_York (TRIAL RELEASE)
- when computing filename, start from raw Content-Disposition (thanks,
Mishrakk)
- avoid a potentially very slow regex in parsing (thanks, ivulfson)
|
|
|
|
|
|
2022-04-15 Richard Russon <rich@flatcap.org>
* Security
- Fix uudecode buffer overflow (CVE-2022-1328)
* Features
- Colours, colours, colours
* Bug Fixes
- Pager: fix pager_stop
- Merge colours with normal
- Color: disable mono command
- Fix forwarding text attachments when honor_disposition is set
- Pager: drop the nntp change-group bindings
- Use mailbox_check flags coherently, add IMMEDIATE flag
- Fix: tagging in attachment list
- Fix: misalignment of mini-index
- Make sure to update the menu size after a resort
* Translations
- 100% Hungarian
* Build
- Update acutest
* Code
- Unify pipe functions
- Index: notify if navigation fails
- Gui: set colour to be merged with normal
- Fix: leak in tls_check_one_certificate()
* Upstream
- Flush iconv() in mutt_convert_string()
- Fix integer overflow in mutt_convert_string()
- Fix uudecode cleanup on unexpected eof
|
|
|
|
|
|
This is a bug-fix release, addressing CVE-2022-1328: a buffer overread in
the uuencoded decoder routine.
Also fixed were a possible integer overflow issue in the general iconv and
rfc2047-conversion iconv functions. These are not believed to be
exploitable.
|
|
|
|
|
|
2022-04-08 Richard Russon <rich@flatcap.org>
* Features
- Compose multipart emails
* Bug Fixes
- Fix screen mode after attempting decryption
- imap: increase max size of oauth2 token
- Fix autocrypt
- Unify Alias/Query workflow
- Fix colours
- Say which file exists when saving attachments
- Force SMTP authentication if `smtp_user` is set
- Fix selecting the right email after limiting
- Make sure we have enough memory for a new email
- Don't overwrite with zeroes after unlinking the file
- Fix crash when forwarding attachments
- Fix help reformatting on window resize
- Fix poll to use PollFdsCount and not PollFdsLen
- regex: range check arrays strictly
- Fix Coverity defects
- Fix out of bounds write with long log lines
- Apply `fast_reply` to 'to', 'cc', or 'bcc'
- Prevent warning on empty emails
* Changed Config
- New default: `set rfc2047_parameters = yes`
* Translations
- 100% German
- 100% Lithuanian
- 100% Serbian
- 100% Czech
- 100% Turkish
- 72% Hungarian
* Docs
- Improve header cache explanation
- Improve description of some notmuch variables
- Explain how timezones and `!`s work inside `%{}`, `%[]` and `%()`
- Document config synonyms and deprecations
* Build
- Create lots of GitHub Actions
- Drop TravisCI
- Add automated Fuzzing tests
- Add automated ASAN tests
- Create Dockers for building Centos/Fedora
- Build fixes for Solaris 10
- New libraries: browser, enter, envelope
- New configure options: `--fuzzing` `--debug-color` `--debug-queue`
* Code
- Split Index/Pager GUIs/functions
- Add lots of function dispatchers
- Eliminate `menu_loop()`
- Refactor function opcodes
- Refactor cursor setting
- Unify Alias/Query functions
- Refactor Compose/Envelope functions
- Modernise the Colour handling
- Refactor the Attachment View
- Eliminate the global `Context`
- Upgrade `mutt_get_field()`
- Refactor the `color quoted` code
- Fix lots of memory leaks
- Refactor Index resolve code
- Refactor PatternList parsing
- Refactor Mailbox freeing
- Improve key mapping
- Factor out charset hooks
- Expose mutt_file_seek API
- Improve API of `strto*` wrappers
* Upstream
- imap QRESYNC fixes
- Allow an empty To: address prompt
- Fix argc==0 handling
- Don't queue IMAP close commands
- Fix IMAP UTF-7 for code points >= U+10000
- Don't include inactive messages in msgset generation
|
|
https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef
fixes CVE-2021-33912, CVE-2021-33913 and CVE-2021-33914
|
|
|
|
|
|
|
|
This is a bug-fix release, fixing a few smaller issues. Of note, the
<edit-fcc> and IMAP create/rename mailbox prompts were fixed to use the
mailbox history list.
|
|
Changes are in devel/ruby-activestorage70 only.
Rails 7.0.2.3 (March 08, 2022)
* Added image transformation validation via configurable allow-list.
Variant now offers a configurable allow-list for
transformation methods in addition to a configurable deny-list for arguments.
[CVE-2022-21831]
|
|
Ruby on Rails 6.1.4.7 is not latest version but it should be easy to pull-up
to pkgsrc-2021Q4.
Changes are in devel/ruby-activestorage61 only.
## Rails 6.1.4.7 (March 08, 2022) ##
* Added image transformation validation via configurable allow-list.
Variant now offers a configurable allow-list for
transformation methods in addition to a configurable deny-list for arguments.
[CVE-2022-21831]
|
|
Changes are in devel/ruby-activestorage60 only.
## Rails 6.0.4.7 (March 08, 2022) ##
* Added image transformation validation via configurable allow-list.
Variant now offers a configurable allow-list for
transformation methods in addition to a configurable deny-list for arguments.
[CVE-2022-21831]
|
|
Ruby on Rails 5.2.6.3 is not latest version but it should be easy to pull-up
to pkgsrc-2021Q4.
Changes are in devel/ruby-activestorage52 only.
Rails 5.2.6.3 (March 08, 2022)
* Added image transformation validation via configurable allow-list.
Variant now offers a configurable allow-list for
transformation methods in addition to a configurable deny-list for arguments.
[CVE-2022-21831]
|